impossible with firewalled servers?

rkleemann

Hi,

I'm really interested in DA, but it turns out DA can only be installed on servers that are directly on the public network.

This is very strange, as certainly most companies have servers behind a firewall, and the servers have private IPs.

I would imagine that DA should cater to companies that have protected networks.

It is not possible to have DA on servers behind a firewall?

:( :(
 
Why do you use private ips behind the firewall for the servers? We run all of our servers with public ips behind our Juniper SSG520 firewall and it works great :)
 
It's just normal practice to use private ips for security, they are not directly accessible at all since private ips are not routable.
 
You gain nothing using private ips that poke holes in the fw, since you open the same ports as if you were using public ips. But if you are only serving internal sites I could understand why you would do it.
 
I understand. In any case, it is normal anyway, to have private ips, the bottom line is regardless, that my existing network is with private ips and I really don't have an option to change that.

If there's a way to make DA work in that environment, I'd like to know.
 
I believe you would add the private ips as usual in direct admin. After adding a domain you would edit the domain's dns zone with the public ips. I've done this with cpanel, a bit of a pain, but it worked.
 
but I think it's a licensing issue. What DA support told me is that DA won't work without a public ip, my guess is that their license checks against the server's ip address.
 
Cpanel works the same way, checks lic ip. There's a way to make it work :)
 
I'm really interested in DA, but it turns out DA can only be installed on servers that are directly on the public network.
That depends on what you mean by directly. If you mean that aren't behind a router, that's not true. If you mean that aren't on a NATted IP#, that is true.
This is very strange, as certainly most companies have servers behind a firewall, and the servers have private IPs.
Firewalls do not necessarily require NATting, though many cheap home-use routers do.
I would imagine that DA should cater to companies that have protected networks.
They do. They require a public routable IP# on the server, but that doesn't eliminate the use of a firewall.
It is not possible to have DA on servers behind a firewall?
You're being redundant. See above.
Nivko said:
I know people who have DA installed on their home server and it's running fine.
Perhaps, but if so and if they're behind a NATted firewall, then they're running a hacked copy in violation of the license and can't expect support from DirectAdmin.
rkleemann said:
It's just normal practice to use private ips for security, they are not directly accessible at all since private ips are not routable.
It may be for some people. It's incompatible with many hosting panels, including DirectAdmin. As others have written, it adds nothing to the security of a server with all unnecessary ports closed, as necessary ports must be routed to the server anyway.
the bottom line is regardless, that my existing network is with private ips and I really don't have an option to change that.
Then you'll either have to find a control panel that doesn't have the requirement, or forego using a control panel.
If there's a way to make DA work in that environment, I'd like to know.
There is no way we know of; you can't even download DirectAdmin if you're not on a public routable IP#.
Seth said:
I believe you would add the private ips as usual in direct admin. After adding a domain you would edit the domain's dns zone with the public ips. I've done this with cpanel, a bit of a pain, but it worked.
DirectAdmin is not cPanel.
rkleemann said:
but I think it's a licensing issue. What DA support told me is that DA won't work without a public ip, my guess is that their license checks against the server's ip address.
That is correct.
Seth said:
Cpanel works the same way, checks lic ip. There's a way to make it work
See above. DirectAdmin won't install except on a routable static IP#. It won't run except on a routable static IP#. It won't update except on a routable static IP#.

If you can make it do otherwise, then you're not going to get help from DirectAdmin.

Jeff
 
You could create a transparent bridging firewall (fairly easy to do in FreeBSD). There are tutorials out there that let you do this.
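
The transparent bridging firewall suggested above, as an added example that is not part of the original post: the server keeps its public routable IP (so an IP-based license check still sees it) while a FreeBSD bridge running pf filters in front of it. The interface names, the 203.0.113.10 address and the port list (2222 assumed as the DirectAdmin panel port) are placeholders.

```conf
# /etc/rc.conf (bridge host): two NICs joined into one layer-2 bridge.
# em0 faces the upstream router, em1 faces the server; neither needs an IP.
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 addm em1 up"
ifconfig_em0="up"
ifconfig_em1="up"
pf_enable="YES"
pf_rules="/etc/pf.conf"

# /etc/sysctl.conf: run the packet filter on the member interfaces,
# not on bridge0 itself, so rules can tell outside from inside.
net.link.bridge.pfil_member=1
net.link.bridge.pfil_bridge=0

# /etc/pf.conf
ext_if = "em0"                     # assumed name of the outside NIC
int_if = "em1"                     # assumed name of the server-side NIC
server = "203.0.113.10"            # placeholder for the server's public IP
tcp_in = "{ 22, 80, 443, 2222 }"   # assumed service list; 2222 = DA panel

set skip on { lo0, $int_if }       # filter once, on the outside interface
block in log on $ext_if all        # default deny for anything arriving
pass in on $ext_if inet proto tcp from any to $server port $tcp_in
pass out on $ext_if all            # server-originated traffic, stateful
```

The exposed ports are the same ones a NAT port-forward would open, which is the point made earlier in the thread; the difference is only that no address translation happens.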
 
And if you're using Linux look for the Kiss firewall in these forums. Also APF+BFD.

Jeff
 